author | Jeff Layton <jlayton@samba.org> | 2012-11-07 10:19:19 -0500 |
---|---|---|
committer | Jeff Layton <jlayton@samba.org> | 2012-11-07 10:19:19 -0500 |
commit | 3a41103dfea64856c8317099496716a7f9010769 (patch) | |
tree | 7f2412088d7a87d1aeb16b238186982d57b885a5 | |
parent | aa7cbf3ebc5df89b592815623459dabf6a21f5eb (diff) | |
getcifsacl: fix endianness bug in getcifsacl and add better bounds checks
getcifsacl must convert the access_req field from little endian. Also,
we should ensure that the "size" field in the ACE is reachable before
trying to access it.
Signed-off-by: Jeff Layton <jlayton@samba.org>
-rw-r--r-- | getcifsacl.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/getcifsacl.c b/getcifsacl.c
index b832c50..c576fc0 100644
--- a/getcifsacl.c
+++ b/getcifsacl.c
@@ -31,6 +31,7 @@
 #include <unistd.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <stddef.h>
 #include <errno.h>
 #include <limits.h>
 #include <wbclient.h>
@@ -235,7 +236,15 @@ print_sid_raw:
 static void
 print_ace(struct cifs_ace *pace, char *end_of_acl, int raw)
 {
- /* 16 == size of cifs_ace sans the cifs_sid */
+ uint16_t size;
+
+ /* make sure we can safely get to "size" */
+ if (end_of_acl < (char *)pace + offsetof(struct cifs_ace, size) + 1)
+ return;
+
+ size = le16toh(pace->size);
+
+ /* 16 == size of cifs_ace when cifs_sid has no subauths */
  if (le16toh(pace->size) < 16)
  return;
 
@@ -250,8 +259,7 @@ print_ace(struct cifs_ace *pace, char *end_of_acl, int raw)
  printf("/");
  print_ace_flags(pace->flags, raw);
  printf("/");
- print_ace_mask(pace->access_req, raw);
-
+ print_ace_mask(le32toh(pace->access_req), raw);
  return;
 }
 
|
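Review bot: The new guard at the top of print_ace (second hunk) only proves that the first byte of the 16-bit `size` field lies before `end_of_acl`, because it adds `+ 1` to `offsetof(struct cifs_ace, size)`. If `end_of_acl` is a one-past-the-end pointer (it is computed outside this hunk, so this is an assumption to confirm), `le16toh(pace->size)` can still read one byte beyond the ACL on a truncated or malformed descriptor. Spelling out the field width closes that gap: `if (end_of_acl < (char *)pace + offsetof(struct cifs_ace, size) + sizeof(pace->size))`. The new local `size` is also assigned and then ignored in the visible lines, since the next check re-reads `le16toh(pace->size)`; `if (size < 16)` would use it and avoid a set-but-unused warning. print_ace's body continues between this hunk and the next, so any later length comparison there may want the same variable.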